Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/Ny2iyxeuZXEsORd19mLonGlTc1o.roa
File:                     Ny2iyxeuZXEsORd19mLonGlTc1o.roa (raw, json)
Hash identifier:          IHzsSFmGLhjoSc5ovg8f9ByPO12qJhMupxXp5WM/rZs=
Subject key identifier:   37:2D:A2:CB:17:AE:65:71:2C:39:17:75:F6:62:E8:9C:69:53:73:5A
Certificate issuer:       /CN=97024ffc4927bfe35289435d9d0280420b8ecdcb
Certificate serial:       019B7EA72FBCBDC4E053742B5C010A74CC8B
Authority key identifier: 97:02:4F:FC:49:27:BF:E3:52:89:43:5D:9D:02:80:42:0B:8E:CD:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/Ny2iyxeuZXEsORd19mLonGlTc1o.roa
Signing time:             Fri 02 Jan 2026 12:20:44 +0000
ROA not before:           Fri 02 Jan 2026 12:20:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210037
IP address blocks:        193.37.192.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:2f:bc:bd:c4:e0:53:74:2b:5c:01:0a:74:cc:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97024ffc4927bfe35289435d9d0280420b8ecdcb
        Validity
            Not Before: Jan  2 12:20:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=372da2cb17ae65712c391775f662e89c6953735a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:98:b2:f4:20:c0:dc:00:6a:b8:86:bb:79:37:
                    c9:ff:47:de:ce:d3:4c:02:19:b1:b5:08:20:26:a1:
                    47:7e:92:84:bc:f0:aa:6c:fb:af:79:af:ab:a7:1a:
                    57:df:34:d1:35:78:0e:bb:b3:79:1e:8f:35:3e:fd:
                    0f:c6:07:d4:8c:d6:fc:2f:fd:f7:88:ef:4e:c2:86:
                    77:05:a3:15:54:61:c6:53:80:d7:f8:6f:f8:ce:53:
                    88:a1:16:9e:6d:1d:96:b1:58:d5:8e:e7:ac:1c:27:
                    db:e5:09:71:40:03:36:ac:44:8d:3d:96:7a:06:92:
                    64:7d:81:85:dc:e0:f0:a6:30:5b:db:ef:db:71:7e:
                    6e:da:75:da:78:63:4c:e5:dc:a4:74:bd:4f:e2:e2:
                    f5:fb:26:39:d4:92:3b:31:89:f9:2e:b6:a7:37:33:
                    fc:4c:a7:d3:1f:10:37:62:0b:03:31:0f:72:b3:06:
                    0c:05:a2:28:c7:70:65:d5:0e:7a:35:52:31:e0:cf:
                    75:e6:5b:d6:bf:ba:7d:7c:27:d0:a6:07:4d:34:cf:
                    0c:9b:b4:52:8b:62:2f:fb:b6:4a:0b:46:d6:a8:e4:
                    f4:3f:80:a4:34:09:3c:a5:6d:82:7a:f4:62:32:ce:
                    04:fa:9f:59:4e:6b:12:5c:48:f5:95:69:82:cf:3a:
                    ff:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:2D:A2:CB:17:AE:65:71:2C:39:17:75:F6:62:E8:9C:69:53:73:5A
            X509v3 Authority Key Identifier:
                keyid:97:02:4F:FC:49:27:BF:E3:52:89:43:5D:9D:02:80:42:0B:8E:CD:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/Ny2iyxeuZXEsORd19mLonGlTc1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c1:38:21:a8:98:e6:4d:49:b9:e6:bc:35:d1:30:69:bb:cc:8f:
         c1:1d:ce:38:06:7e:27:c4:0d:26:ef:f5:3f:84:bf:0a:eb:70:
         3a:5c:a2:15:b6:55:45:28:31:f7:96:3b:df:32:79:58:c8:ab:
         a3:99:8b:ce:f5:0f:77:0c:ba:19:06:8d:af:4e:7f:8e:cf:09:
         4f:32:63:61:a3:13:78:df:fd:e2:93:ab:6c:ff:8e:14:75:d9:
         98:af:50:a7:0d:a2:37:70:d6:f6:e3:59:f5:35:3e:98:ab:35:
         63:1f:f0:7e:78:f2:cf:fc:bf:a6:97:f1:49:0c:b6:d4:59:1f:
         ba:ce:fd:19:8a:b1:ae:2e:d9:f7:67:06:62:79:5b:84:2d:68:
         84:ad:94:a3:4d:66:f4:0d:9f:4a:c7:47:c4:e7:00:7e:2e:46:
         8c:18:06:46:03:e7:b5:f6:30:26:cc:d3:02:22:0b:b5:dd:0a:
         41:1a:d5:29:95:29:96:5e:3f:0a:06:1b:69:92:cf:4f:f6:87:
         a4:d6:ad:fb:01:61:af:75:c6:65:b9:d8:c7:98:dd:cf:52:49:
         78:6d:51:fb:f5:57:8e:c4:bd:bf:dc:4b:f7:0b:8a:7a:9f:bf:
         0e:95:c5:2b:b3:99:e0:f8:61:14:53:0c:a3:b6:2b:59:c1:ca:
         a3:57:76:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+py+8vcTgU3QrXAEKdMyLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MDI0ZmZjNDkyN2JmZTM1Mjg5NDM1ZDlkMDI4MDQyMGI4
ZWNkY2IwHhcNMjYwMTAyMTIyMDQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzJkYTJjYjE3YWU2NTcxMmMzOTE3NzVmNjYyZTg5YzY5NTM3MzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA25iy9CDA3ABquIa7eTfJ/0feztNM
AhmxtQggJqFHfpKEvPCqbPuvea+rpxpX3zTRNXgOu7N5Ho81Pv0PxgfUjNb8L/33
iO9OwoZ3BaMVVGHGU4DX+G/4zlOIoRaebR2WsVjVjuesHCfb5QlxQAM2rESNPZZ6
BpJkfYGF3ODwpjBb2+/bcX5u2nXaeGNM5dykdL1P4uL1+yY51JI7MYn5LranNzP8
TKfTHxA3YgsDMQ9yswYMBaIox3Bl1Q56NVIx4M915lvWv7p9fCfQpgdNNM8Mm7RS
i2Iv+7ZKC0bWqOT0P4CkNAk8pW2CevRiMs4E+p9ZTmsSXEj1lWmCzzr/ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDctossXrmVxLDkXdfZi6JxpU3NaMB8GA1UdIwQY
MBaAFJcCT/xJJ7/jUolDXZ0CgEILjs3LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHdKUF9Fa252LU5TaVVOZG5RS0FRZ3VPemNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC83MTcyMjEtMWQwMy00ZDEzLTkwNDkt
NDAxYmRhNDQ3N2I1LzEvTnkyaXl4ZXVaWEVzT1JkMTltTG9uR2xUYzFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC83MTcyMjEtMWQwMy00ZDEzLTkwNDktNDAxYmRhNDQ3N2I1
LzEvbHdKUF9Fa252LU5TaVVOZG5RS0FRZ3VPemNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSXAMA0G
CSqGSIb3DQEBCwUAA4IBAQDBOCGomOZNSbnmvDXRMGm7zI/BHc44Bn4nxA0m7/U/
hL8K63A6XKIVtlVFKDH3ljvfMnlYyKujmYvO9Q93DLoZBo2vTn+OzwlPMmNhoxN4
3/3ik6ts/44UddmYr1CnDaI3cNb241n1NT6YqzVjH/B+ePLP/L+ml/FJDLbUWR+6
zv0ZirGuLtn3ZwZieVuELWiErZSjTWb0DZ9Kx0fE5wB+LkaMGAZGA+e19jAmzNMC
Igu13QpBGtUplSmWXj8KBhtpks9P9oek1q37AWGvdcZludjHmN3PUkl4bVH79VeO
xL2/3Ev3C4p6n78OlcUrs5ng+GEUUwyjtitZwcqjV3Yp
-----END CERTIFICATE-----